Vulnerability Details: CVE-2014-3161
The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that hosts a video stream.
Exploit prediction scoring system (EPSS) score for CVE-2014-3161
Probability of exploitation activity in the next 30 days: 0.31%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 67 %
CVSS scores for CVE-2014-3161
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
CWE ids for CVE-2014-3161
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3161
- http://googlechromereleases.blogspot.com/2014/07/chrome-for-android-update.html
  Chrome Releases: Chrome for Android Update (Vendor Advisory)
- https://code.google.com/p/chromium/issues/detail?id=334204
  334204 - Same-origin security issue in <video> on Android - chromium - Monorail
- https://src.chromium.org/viewvc/chrome?revision=266396&view=revision
  [chrome] Revision 266396
Products affected by CVE-2014-3161
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.93:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.92:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.91:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.90:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.76:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.75:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.74:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.73:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.6:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.59:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.58:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.57:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.43:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.42:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.41:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.29:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.28:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.27:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.26:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.14:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.13:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.12:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.105:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.99:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.98:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.85:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.84:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.83:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.82:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.67:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.66:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.65:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.64:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.51:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.50:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.5:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.49:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.37:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.36:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.35:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.34:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.33:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.21:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.20:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.2:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.19:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.100:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.96:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.94:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.89:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.87:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.8:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.78:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.70:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.68:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.63:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.61:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.55:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.53:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.47:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.45:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.40:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.39:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.32:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.30:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.24:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.22:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.18:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.16:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.104:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.102:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.97:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.95:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.88:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.86:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.81:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.79:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.77:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.72:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.69:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.62:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.60:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.56:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.54:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.52:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.48:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.46:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.4:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.38:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.31:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.3:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.25:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.23:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.17:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.15:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.103:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:36.0.1985.101:*:*:*:*:*:*:*